Note In multiple context mode, every context and the system execution space has its own login policies and passwords.

Changing the Login Password

The login password is used for sessions from the switch as well as Telnet and SSH connections. By default, the login password is "cisco." To change the password, enter the following command:

hostname(config)# {passwd | password} password

You can enter passwd or password. The password is a case-sensitive password of up to 16 alphanumeric and special characters. You can use any character in the password except a question mark or a space.

The password is saved in the configuration in encrypted form, so you cannot view the original password after you enter it. Use the no password command to restore the password to the default setting.

Changing the Enable Password

The enable password lets you enter privileged EXEC mode. By default, the enable password is blank. To change the enable password, enter the following command:

hostname(config)# enablepasswordpassword

The password is acase-sensitive password of up to 16 alphanumeric and special characters. You can use any character in the password except a question mark or a space.

This command changes the password for the highest privilege level. If you configure local command authorization, you can set enable passwords for each privilege level from 0 to 15.

The password is saved in the configuration in encrypted form, so you cannot view the original password after you enter it. Enter the enable password command without a password to set the password to the default, which is blank.

Changing the Maintenance Software Passwords

The maintenance software is valuable for troubleshooting. For example, you can install new software to an application partition, reset passwords, or show crash dump information from the maintenance software. You can only access the maintenance software by sessioning in to the FWSM.

The maintenance software has two user levels with different access privileges:

•root—Lets you configure the network partition parameters, upgrade the software images on the application partitions, change the guest account password, and enable or disable the guest account.

The default password is "cisco."

•guest—Lets you configure the network partition parameters and show crash dump information.

The default password is "cisco."

To change the maintenance partition passwords for both users, perform the following steps:

Step 1 To reboot the FWSM into the maintenance partition, enter the following command at the switch prompt:

Router# hw-modulemodule mod_num reset cf:1

Step 2 To session in to the FWSM, enter the following command:

Router# session slot mod_num processor 1

Step 3 Log in as root by entering the following command:

Login: root

Step 4 Enter the password at the prompt:

Password:

The default password is "cisco".

Step 5 Change the root password by entering the following command:

root@localhost# passwd

Step 6 Enter the new password at the prompt:

Changing password for user root

New password:

Step 7 Enter the new password again:

Retype new password:

passwd: all authentication tokens updated successfully

Step 8 Change the guest password by entering the following command:

root@localhost# passwd-guest

Step 9 Enter the new password at the prompt:

Changing password for user guest

New password:

Step 10 Enter the new password again:

Retype new password:

passwd: all authentication tokens updated successfully

This example shows how to set the password for the root account:

root@localhost# passwd

Changing password for user root

New password: *sh1p

Retype new password: *sh1p

passwd: all authentication tokens updated successfully

This example shows how to set the password for the guest account:

root@localhost# passwd-guest

Changing password for user guest

New password: f1rc8t

Retype new password: f1rc8t

passwd: all authentication tokens updated successfully

Setting the Hostname

When you set a hostname for the FWSM, that name appears in the command-line prompt. If you establish sessions to multiple devices, the hostname helps you keep track of where you enter commands.

For multiple context mode, the hostname that you set in the system execution space appears in the command-line prompt for all contexts. The hostname that you optionally set within a context does not appear in the command line, but can be used by the banner command $(hostname) token.

To specify the hostname for the FWSM or for a context, enter the following command:

hostname(config)# hostname name

This name can be up to 63 characters. A hostname must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen. The FWSM supports all 95 printable characters except the question mark (?). Avoid the use of non-ASCII characters.

This name appears in the command-line prompt. For example:

hostname(config)# hostname farscape

farscape(config)#

Setting the Domain Name

The FWSM appends the domain name as a suffix to unqualified names. For example, if you set the domain name to "example.com," and specify a syslog server by the unqualified name of "jupiter," then the FWSM qualifies the name to "jupiter.example.com."

The default domain name is default.domain.invalid.

For multiple context mode, you can set the domain name for each context, as well as within the system execution space.

To specify the domain name for the FWSM, enter the following command:

hostname(config)# domain-name name

For example, to set the domain as example.com, enter the following command:

hostname(config)# domain-name example.com

Setting the Prompt

You can configure the information shown in the CLI prompt, including the hostname, context name, domain name, slot, failover status, and failover priority. In multiple context mode, you can view the extended prompt when you log into the system execution space or the admin context. Within a non-admin context, you only see the default prompt, which is the hostname and the context name.

To configure the information included in the prompt, enter the following command:

The order in which you enter the keywords determines the order of the elements in the prompt, which are separated by a slash (/). See the following descriptions for the keywords:

•hostname—Displays the hostname.

•domain—Displays the domain name.

•context—(Multiple mode only) Displays the current context.

•priority—Displays the failover priority as pri (primary) or sec (secondary). Set the priority using the failover lan unit command.

•slot—Displays the slot location in the switch.

•state—Displays the traffic-passing state of the unit. The following values are displayed for the state keyword:

–act—Failover is enabled, and the unit is actively passing traffic.

–stby— Failover is enabled, and the unit is not passing traffic and is in a standby, failed, or other non-active state.

–actNoFailover—Failover is not enabled, and the unit is actively passing traffic.

–stbyNoFailover—Failover is not enabled, and the unit is not passing traffic. This might happen when there is an interface failure above the threshold on the standby unit.

For example, to show all available elements in the prompt, enter the following command:

hostname(config)# prompt hostname context priority slot state

The prompt changes to the following string:

hostname/admin/pri/6/act(config)#

Configuring a Login Banner

You can configure a message to display when a user connects to the FWSM, when a user logs in to the FWSM using Telnet, or when a user enters user EXEC mode.

To configure a login banner, enter the following command in the system execution space or within a context:

hostname(config)# banner {motd | login | exec} text

The motd keyword shows a banner when a user first connects.

The login keyword shows a banner when a user logs in to the FWSM using Telnet.

The exec keyword shows a banner when a user accesses user EXEC mode.

When a user connects to the FWSM, the message-of-the-day banner appears first, followed by the login banner and prompts. This banner does not appear for non-Telnet connections. After the user successfully logs in to the FWSM (for Telnet connections), the exec banner displays.

For the banner text, spaces are allowed but you cannot enter tabs using the CLI. You can dynamically add the hostname or domain name of the FWSM by including the strings $(hostname) and $(domain). If you configure a banner in the system configuration, you can use that banner text within a context by using the $(system) string in the context configuration.